Exploiting Weaknesses in Entra ID Account Synchronization to Compromise the On-Prem Environment
Active Directory (AD) is a Microsoft product designed to assist network administrators in managing user permissions within an organization. It is installed on a Windows Server, turning it into a Domain Controller responsible for managing enterprise environments and performing actions such as storing all user accounts, their passwords and permissions, and managing user authentication. Over […]
Using MITM to bypass FIDO2 phishing-resistant protection
FIDO2 is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key. FIDO2 is mostly known to protect people from man-in-the-middle (MITM), phishing and session hijacking attacks. In this […]
The Identity Underground Report: Deep insight into the most critical identity security gaps
We’re proud to unveil the first report based on Silverfort’s proprietary data: The Identity Underground Report. This data, gathered and analyzed from hundreds of production environments, discloses the key security gaps – or Identity Threat Exposures (ITEs) – that adversaries exploit to launch identity threats such as credential access, privilege escalation and lateral movement. This […]
Finding the Sweet Spot: How Donut Extortion Group Targets Achilles’ Heel in Cybersecurity
Every organization faces an ongoing battle against cybersecurity threats. Attackers are constantly looking for vulnerabilities to exploit, seeking out the Achilles’ heel that can give them access to your systems and data. In this blog post, we’ll explore a real-world use case where a cybersecurity extortion group successfully found and exploited our customer’s Achilles’ heels. […]
Open Sourcing Our Lateral Movement Detection Tool: LATMA
Collect authentication traffic from Active Directory, create a detailed report (and GIF) that outlines lateral movement patterns.
Lateral movement detection is a challenge every cybersecurity researcher is likely familiar with. My team and I faced this challenge a few months ago and, unsurprisingly, quickly discovered there is no easy or fast solution to address it. […]
Resolving Shadow Admins: Achieving Maximum Impact with Minimal Effort
Shadow Admins are non-administrative users that hold sensitive privileges which effectively grant them admin-level rights. Such privileges can include direct access to resources or the ability to modify other users’ settings (for example, resetting passwords, gaining “Write All properties” permissions, etc.). In this blog post, we’ll focus on the second type. There are several reasons […]
Building an Alert System Using Snowflake
During my time here at Silverfort, I was tasked with building an alert system to send messages from our Snowflake database directly to a Slack channel. Easy enough, I thought to myself. But the project expanded quickly and has now evolved into a critical component we use daily to monitor and mitigate threats. In this […]
Introducing the LATMA Algorithm for Better Lateral Movement Detection
Lateral movement detection is a challenge every cybersecurity researcher is likely familiar with. My team and I faced this challenge a few months ago and, not surprisingly, quickly discovered there is no easy or fast solution to address it. In this post, I’ll explain the challenge of detecting lateral movement and show you how my […]
Silverfort Protection Against CVE-2023-23397 Outlook Zero Day
In the latest Patch Tuesday, Microsoft released a patch for CVE-2023-23397 Zero Day in Outlook, which was reported to be exploited in the wild. Exploitation of this vulnerability enables an adversary to grab NTLM hashes (equivalent to user credentials) from the targeted machine and use them for malicious access to other machines in the environment. […]